pontiac51 | 14.11.2012 17:15 | OTL Fix Log: Code:
All processes killed
========== OTL ==========
Prefs.js: ClickPotatoLite@ClickPotatoLite.com:10.0.668.0 removed from extensions.enabledItems
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\searchplugins\askcomsearch.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
File C:\Programme\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll not found.
C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\images folder moved successfully.
C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wjocxsasyneutsl moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zpkhevyfeahjqdh folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: fritz
->Temp folder emptied: 15226164 bytes
->Temporary Internet Files folder emptied: 4372022 bytes
->Java cache emptied: 1254531 bytes
->FireFox cache emptied: 44069364 bytes
->Google Chrome cache emptied: 32593523 bytes
->Flash cache emptied: 33927 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49816 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Tobi
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2217158 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20098 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 95,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11142012_164906
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Temp\~DFA927.tmp not found!
File\Folder C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Temp\~DFA940.tmp not found!
File\Folder C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Temp\~DFA9FB.tmp not found!
File\Folder C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Temp\~DFAA15.tmp not found!
File\Folder C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Temp\~DFAC01.tmp not found!
File\Folder C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Temp\~DFAC1A.tmp not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot... Bei Schritt 2 war unter Startseite auch Babylon eingetragen, habe ich dort ebenfalls ersetzt. Ich hoffe, das wirft uns nicht aus der Bahn. ;)
JRT Log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.9 (11.13.2012)
OS: Microsoft Windows XP x86
Ran by fritz on 14.11.2012 at 17:03:44,76
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\user.js
Successfully deleted: [Folder] C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted the following from "C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\prefs.js"
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2012 at 17:08:12,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OTL Quickscan Log: Code:
OTL logfile created on: 14.11.2012 17:10:48 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\fritz\Desktop\scan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 65,97% Memory free
3,60 Gb Paging File | 3,20 Gb Available in Paging File | 88,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 270,82 Gb Free Space | 90,86% Space Free | Partition Type: NTFS
Computer Name: P-AF9AC068A1F14 | User Name: fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\fritz\Desktop\scan\OTL.exe (OldTimer Tools)
PRC - c:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\temp\TeamViewer\Version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Programme\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Programme\Common Files\Common Toolkit Suite\FighterSuiteService.exe (SPAMfighter)
PRC - C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcnet.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Suite Service) -- C:\Programme\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Common Toolkit Service) -- C:\Programme\Common Files\Common Toolkit Suite\FighterSuiteService.exe (SPAMfighter)
SRV - (NVIDIA Performance Driver Service) -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- C:\Programme\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (Changer) -- File not found
DRV - (CFcatchme) -- C:\DOKUME~1\fritz\LOKALE~1\Temp\CFcatchme.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20121113.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20121113.002\NAVENG.SYS (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\idsdefs\20121108.001\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1957994488-842925246-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://derstandard.at/
IE - HKU\S-1-5-21-1957994488-842925246-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1957994488-842925246-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1957994488-842925246-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_de
IE - HKU\S-1-5-21-1957994488-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.02 09:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.06 20:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.11.10 17:16:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.02 09:20:42 | 000,000,000 | ---D | M]
[2012.11.14 17:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Extensions
[2012.11.14 16:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Mozilla\Firefox\Profiles\sl47ecq5.default\extensions
[2012.11.10 17:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.06 16:01:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.08 19:08:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 12:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.11.10 17:16:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.04.06 20:37:41 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.06 20:37:41 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 20:37:41 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.06 20:37:41 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.06 20:37:41 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.derstandard.at/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.derstandard.at/
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.64\gears.dll
CHR - plugin: ClickPotatoLite Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Programme\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2012.11.13 08:25:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Programme\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-842925246-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-842925246-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-842925246-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-842925246-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261528697161 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352569645234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F411CAD6-A9AB-42F1-A508-22D4878D4117}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.23 01:06:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.14 17:03:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012.11.14 17:03:19 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.14 16:49:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.11.14 16:49:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.13 08:01:08 | 005,000,679 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\fritz\Desktop\ComboFix.exe
[2012.11.12 18:45:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.11.12 18:40:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.11.12 18:40:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.11.12 18:40:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.11.12 18:40:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.11.12 18:40:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.12 18:40:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.11.12 18:28:51 | 003,167,176 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\fritz\Desktop\TeamViewerQS_de.exe
[2012.11.10 17:17:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.11.10 17:16:35 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2012.11.07 10:29:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fritz\Desktop\scan
[2012.11.07 10:11:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\QuickScan
[2012.11.06 20:52:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Malwarebytes
[2012.11.06 20:52:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.06 20:52:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.06 20:51:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.06 20:51:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.31 20:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\TeamViewer
========== Files - Modified Within 30 Days ==========
[2012.11.14 16:51:53 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.14 16:51:21 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.14 16:50:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.14 16:50:43 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.14 16:50:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.13 17:26:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.13 08:25:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.13 08:01:10 | 005,000,679 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\fritz\Desktop\ComboFix.exe
[2012.11.12 18:45:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012.11.12 18:28:51 | 003,167,176 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\fritz\Desktop\TeamViewerQS_de.exe
[2012.11.07 10:34:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\fritz\defogger_reenable
[2012.11.06 20:52:01 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.06 07:51:44 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\fritz\Desktop\Microsoft Office Word 2003.lnk
[2012.11.05 23:35:41 | 000,000,658 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Systemprüfung ausführen - fritz.job
[2012.10.30 16:36:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.29 15:42:23 | 000,316,924 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.29 15:42:23 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.29 15:42:23 | 000,048,360 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.29 15:42:23 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2012.11.12 18:45:40 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.11.12 18:45:39 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.11.12 18:40:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.11.12 18:40:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.11.12 18:40:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.11.12 18:40:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.11.12 18:40:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.11.07 10:34:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\fritz\defogger_reenable
[2012.11.06 20:52:01 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.24 17:36:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.02.18 09:08:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.16 10:16:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011.10.02 09:12:17 | 000,239,265 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011.10.02 09:12:17 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011.03.27 17:55:29 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.03.27 17:55:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.11.04 07:58:15 | 000,108,993 | ---- | C] () -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\mdbu.bin
[2010.04.07 19:21:23 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\fritz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.10.29 06:24:34 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.15 09:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BSD
[2010.11.04 07:40:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2012.08.15 08:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2010.11.04 21:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer
[2010.01.14 17:43:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hofer Foto Service
[2010.01.14 17:44:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.02.09 21:06:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.02.09 21:11:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.11.03 16:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Common Toolkit Suite
[2012.08.15 08:56:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Fighters
[2009.12.28 18:14:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Genie-Soft
[2010.11.06 14:10:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\HartlauerFotoService3
[2010.07.25 17:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\MAGIX
[2011.04.06 16:06:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\OpenOffice.org
[2011.02.09 21:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\PC Suite
[2012.11.07 10:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\QuickScan
[2012.04.09 22:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\SumatraPDF
[2012.10.31 20:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\TeamViewer
[2012.02.24 17:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\uTorrent
[2010.01.27 13:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\fritz\Anwendungsdaten\Vidal
[2012.08.15 08:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Fighters
========== Purity Check ==========
< End of report > Dann habe ich hier ein Produkt in der Taskleiste gefunden, das nennt sich FIGHTERtools. Drauflassen oder deinstallieren? Klingt mir verdächtig nach Schrott, nicht unbedingt Malware, aber Schrott.
Danke bis hierher! I have so much to learn. ;) |